POST /api/webhooks/stripe
Receives Stripe webhook events to update license and billing data.
Authentication
This endpoint does not use session-based auth. Instead, the Stripe webhook signature is verified using STRIPE_WEBHOOK_SECRET.
Requests with invalid signatures return 400.
Events Handled
| Event | Action |
|---|---|
customer.subscription.created | Set license tier, activate license |
customer.subscription.updated | Update tier if changed |
invoice.payment_succeeded | Record in billing history |
customer.subscription.deleted | Downgrade to free tier |
Request
Stripe sends a POST request with:
- Body: JSON event payload
- Header:
Stripe-Signature: t=...,v1=...
Response
Status: 200 OK — event processed
Status: 400 — signature invalid or event parsing failed
Configuring Webhooks
In the Stripe dashboard, register your webhook endpoint:
https://lydaro.app/api/webhooks/stripeEvents to listen for:
customer.subscription.createdcustomer.subscription.updatedcustomer.subscription.deletedinvoice.payment_succeeded
Code Reference
- Handler:
app/api/webhooks/stripe/route.ts - Tests:
tests/licensing.spec.ts(webhook handler section)